Page 1: User Guide
SecureLinx Console Manager (SLC) User Guide SecureLinx SLC8  SecureLinx SLC16  SecureLinx SLC32  SecureLinx SLC48  Part No. 900-449 Rev. H March 2010...
Page 2: Copyright And Trademark
Online: www.lantronix.com/support Sales Offices For a current list of our domestic and international sales offices, go to the Lantronix web site at www.lantronix.com/about/contact. Disclaimer and Revisions Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference.
Page 3: Revision History
The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user’s authority to operate this equipment. Changes or modifications to this device not explicitly approved by Lantronix will void the user's authority to operate this device.
Page 4: Table Of Contents
Table of Contents Copyright and Trademark ____________________________________________________ 2 Warranty _________________________________________________________________ 2 Open Source Software ______________________________________________________ 2 Contacts _________________________________________________________________ 2 Disclaimer and Revisions ____________________________________________________ 2 Revision History ___________________________________________________________ 3 1: About This Guide Chapter Summaries ________________________________________________________ 14 Conventions ______________________________________________________________ 15 Additional Documentation ___________________________________________________ 16 2: Overview SLC Models and Part Numbers _______________________________________________17 System Features __________________________________________________________ 19...
Page 5 Table of Contents 5: Web and Command Line Interfaces Web Interface_____________________________________________________________ 39 Logging In ____________________________________________________________ 41 Logging Off ___________________________________________________________ 41 Web Page Help ________________________________________________________ 41 Command Line Interface ____________________________________________________ 41 Logging In ____________________________________________________________ 42 Logging Out ___________________________________________________________ 42 Command Syntax ______________________________________________________ 42 Command Line Help ____________________________________________________ 43 Tips _________________________________________________________________ 43 General CLI Commands _________________________________________________ 44...
Page 6 Table of Contents Permissions ______________________________________________________________ 79 Device Status _____________________________________________________________ 79 Device Ports______________________________________________________________ 80 Port Status and Counters ________________________________________________ 88 Device Port – SLP ______________________________________________________ 89 Device Port – Sensorsoft Device ___________________________________________ 90 Device Port Commands__________________________________________________ 92 Device Ports – Logging _____________________________________________________ 92 Local Logging _________________________________________________________ 92 NFS File Logging _______________________________________________________ 92 PC Card Logging _______________________________________________________ 93...
Page 7 Table of Contents Multiport Device Server _________________________________________________ 129 Console Server _______________________________________________________ 129 Connection Configuration___________________________________________________ 130 Connection Commands _________________________________________________ 133 12: User Authentication Overview of Authentication _________________________________________________ 134 User Rights _____________________________________________________________ 135 Authentication Methods ____________________________________________________ 136 Authentication Commands ______________________________________________137 Local and Remote Users ___________________________________________________ 138 Local/Remote User Settings ________________________________________________ 139 Local/Remote Users Commands__________________________________________ 143 NIS ____________________________________________________________________ 144...
Page 8 Table of Contents Status/Reports Commands ______________________________________________185 Events _________________________________________________________________ 185 Events Commands ____________________________________________________ 186 Banners ________________________________________________________________ 187 Banner Commands ____________________________________________________ 187 LCD and Keypad _________________________________________________________ 188 LCD/Keypad Commands ________________________________________________ 189 14: Application Examples Telnet/SSH to a Remote Device _____________________________________________ 190 Dial-in (Text Mode) to a Remote Device _______________________________________ 192 Local Serial Connection to Network Device via Telnet ____________________________ 193 15: Command Reference Introduction to Commands __________________________________________________ 195...
Page 9 G: DC Connector Instructions H: LDAP Schemas Installing Schema Support in Window AD Server ________________________________ 276 Creating the Lantronix SecureLinx SLC Schema Attribute _________________________279 Adding the Attribute to the Users Group in Windows______________________________ 281 Adding the Permissions to the Individual User___________________________________ 283...
Page 10 List of Figures Figure 2-1 Lantronix SLC48 with PC Card Slots_________________________________________ 19 Figure 2-2 Lantronix SLC48 with USB Port_____________________________________________ 19 Figure 2-3 Device Port Connections __________________________________________________ 21 Figure 2-4 Console Port Connection__________________________________________________ 22 Figure 2-5 Network Connection _____________________________________________________ 22 Figure 2-6 PC Card Interface _______________________________________________________ 22...
Page 11 List of Figures Figure 8-8 Device Ports - Logging ___________________________________________________ 94 Figure 8-9 Console Port Page_______________________________________________________ 98 Figure 8-10 Host Lists Page ________________________________________________________ 99 Figure 8-11 Scripts Page _________________________________________________________ 102 Figure 8-12 Adding New Scripts Page _______________________________________________ 103 Figure 9-1 PC Card Page _________________________________________________________ 114 Figure 9-2 PC Card - Storage Page _________________________________________________ 115 Figure 9-3 PC Card - Modem/ISDN Page_____________________________________________ 116 Figure 10-1 USB Main Page _______________________________________________________ 122...
Page 12 List of Figures Figure 14-2 Remote User Connected to a SUN Server via the SLC ________________________ 190 Figure 14-3 Connection to SUN UNIX Server__________________________________________ 192 Figure 14-4 Terminal Device Connection to the SLC ____________________________________ 193 Figure D-1 RJ45 Receptacle to DB25M DCE Adapter for the SLC (PN 200.2066A) ____________ 260 Figure D-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC (PN 200.2067A) ____________ 261 Figure D-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC (PN 200.2069A) _____________ 262 Figure D-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC (PN 200.2070A) _____________ 263...
Page 13 Table 5-2 SCS and SLC Commands _________________________________________________ 44 Table 12-1 User Group Rights _____________________________________________________ 135 Table 15-1 Actions and Category Options ____________________________________________ 196 Table F-1 Lantronix Product Family Names and Toxic/Hazardous Substances and Elements ____ 272 SecureLinx SLC User Guide...
Page 14: 1: About This Guide
1: About This Guide This guide provides the information needed to install, configure, and use the products in the Lantronix SecureLinx Console Manager (SLC) family. It is for IT professionals who must remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port.
Page 15: Conventions
1: About This Guide Table 1-1 Chapter/Appendix and Summary (continued) Chapter/Appendix Summary 11: Connections Provides instructions for configuring connections and viewing, updating, or disconnecting a connection. 12: User Authentication Provides instructions for enabling or disabling methods that authenticate users who attempt to log in via SSH, Telnet, or the console port. Provides instructions for creating custom menus.
Page 16: Additional Documentation
Screen Font CLI terminal sessions and examples of CLI input. (Courier New) Additional Documentation Visit the Lantronix web site at www.lantronix.com/support/documentation for the latest documentation and the following additional documentation: SLC Quick Start—Describes the steps for getting the SLC up and running; provided on the ...
Page 17: 2: Overview
These products offer systems administrators and other IT professionals a variety of tools to securely access and manage their resources. Lantronix has been an innovator in this market with terminal servers and secure console servers, as well as other remote access devices.
Page 18: Table 2-1 Slc Part Numbers, Models, And Descriptions
2: Overview Two Ethernet ports are useful when you want to use one port on a private, secure network and the other on a public, unsecured network. Table 2-1 lists the part numbers, models, and descriptions. Table 2-1 SLC Part Numbers, Models, and Descriptions Part Number Part Number Model and Description...
Page 19: System Features
2: Overview Figure 2-1 Lantronix SLC48 with PC Card Slots Two-line Display Front Panel Pushbuttons Two PC Card Slots RS232 Port 1u Tall Self-Contained Rack-Mountable Chassis Dual DC Power Inputs RS-232 Device Ports Two 10/100 (1 - 48) Network Ports...
Page 20: Protocols Supported
2: Overview Configurable user rights for local and remotely authenticated users  Supports an internal PC Card modem, USB modem, or an external modem  No unintentional break ever sent to attached servers (Solaris Ready)  Simultaneous access on the same port - “listen” and “direct” connect mode ...
Page 21: Hardware Features
All physical connections use industry-standard cabling and connectors. The network and serial ports are on the rear panel of the SLC, and the console port is on the front. Required cables and adapters for certain servers, switches, and other products are available from Lantronix at www.lantronix.com.
Page 22: Network Connections
This PC Card interface is only supported on SLC -02 part numbers. The SLC has two PC Card slots as shown in Figure 2-6. Lantronix qualifies cards continuously and publishes a list of qualified cards on the Lantronix web site. Figure 2-6 PC Card Interface SecureLinx SLC User Guide...
Page 23: Usb Port
2: Overview USB Port Note: This USB port is only supported on SLC -03 part numbers. The SLC has a USB port as shown in Figure 2-7. Figure 2-7 SLC with USB Interface SecureLinx SLC User Guide...
Page 24: 3: Installation
Linux servers ADP010104-01 Adapter: RJ45 rolled serial, Cisco, and Sun Netra Note: An optional adapter for an external modem is available from Lantronix. The part number is 200.2073 and description is DB25M (DCE) to RJ45. Cables 200.0063 Cable: RJ45 to RJ45, 6.6 ft (2 m)
Page 25: Product Information Label
3: Installation Verify and inspect the contents of the SLC package using the enclosed packing slip or the table above. If any item is missing or damaged, contact your place of purchase immediately. Product Information Label The product information label on the underside of the unit contains the following information about each specific unit: Part Number ...
Page 26: Connecting To Device Ports
To connect to a device port: 1. Connect one end of the Cat 5 cable to the device port. 2. Connect the other end of the Cat 5 cable to a Lantronix serial console adapter. Note: To connect a device port to a Lantronix SLP, use the rolled serial cable provided with the unit, a 200.2225 adapter and Cat 5 cabling, or the ADP010104 adapter that...
Page 27: Connecting To Network Ports
Lookup on the Support menu. To connect a terminal: 1. Attach the Lantronix adapter to your terminal (use PN 200.2066A adapter) or your PC's serial port (use PN 200.2070A adapter). 2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.
Page 28: Figure 3-2 Ac Power Input And Power Switch (Slcxxxx2N)
The DC version of the SLC accepts standard –48 VDC power. The SLC0xx24T models accept two DC power inputs for supply redundancy. Lantronix provides the DC power connections using industry standard Wago connectors. One set of connectors is included with the SLC. You can order additional connectors (part number 721-103/031-000) from the Wago catalog at http://www.wagocatalog.com/okv3/index.asp?lid=1&cid=1&str_from_home=first.
Page 29: 4: Quick Setup
4: Quick Setup This chapter helps get the IP network port up and running quickly, so you can administer the SLC using your network. It contains the following sections: Recommendations  IP Address  Next Step  Recommendations To set up the network connections quickly, we suggest you do one of the following: Use the front panel LCD display and pushbuttons.
Page 30: Front Panel Lcd Display And Pushbuttons
4: Quick Setup Table 4-1 Methods of Assigning an IP Address (continued) Method Description Serial port login to You assign an IP address and configure the SLC using a terminal or a PC command line interface running a terminal emulation program to the unit’s serial console port connection.
Page 31: Entering The Settings
4: Quick Setup Table 4-2 LCD Arrow Pushbutton Actions Action Button To move to the next option (e.g., from Network Settings to Console Right arrow Settings) To return to the previous option Left arrow To enter edit mode Enter (center button) Within edit mode, to increase or decrease a numerical entry Up and down arrows Within edit mode, to move the cursor right or left...
Page 32: Restoring Factory Defaults
4: Quick Setup Use the up or down arrow to increment or decrement the numerical value.  4. To toggle between a DHCP and static IP address, place the cursor over the [D] or [N] and press the up and down arrows. 5.
Page 33 4: Quick Setup 3. Press Enter to enter edit mode. 4. Using the left and right arrows to move between digits and the up and down arrows to change digits, enter the password (the default password is 999999). Note: The Restore Factory Defaults password is only for the LCD. You can change it at the command line interface using the admin keypad password command.
Page 34: Figure 4-2 Quick Setup Tab
4: Quick Setup Figure 4-2 Quick Setup Tab 4. To accept the defaults, select the Accept default Quick Setup settings checkbox in the top portion of the page and click the Apply button at the bottom of the page. Otherwise, continue with step 5.
Page 35 Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the...
Page 36: Figure 4-3 Quick Setup Screen Using Cli
4: Quick Setup To complete the quick setup: 1. Do one of the following: With a serial terminal connection, power up, and when the command line displays,  press Enter. With a network connection, use an SSH program or Telnet program (if Telnet has ...
Page 37 The host name becomes the prompt in the command line interface. Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the SMTP server.
Page 38: Next Step
4: Quick Setup Figure 4-4 Completed Quick Setup 5. To logout, type logout at the prompt and press Enter. Next Step After quick starting the SLC, you may want to configure other settings. You can use the web page or the command line interface for configuration. For information about the web and the command line interfaces, go to 5: Web and ...
Page 39: 5: Web And Command Line Interfaces
5: Web and Command Line Interfaces This chapter describes the interfaces for configuring the SLC that are: command line interface (CLI) and the Web Manager. You can also use the Front Panel LCD which is described in 4: Quick Setup. This chapter contains the following sections: Web Interface ...
Page 40: Figure 5-1 Web Page Layout
SLC is rebooted. Icons: The icons in the icon bar above the Main Menu are (from left to  right): Home page. Information about the SLC and Lantronix contact information. SecureLinx SLC User Guide...
Page 41: Logging In
The Lantronix SLC Quick Setup page displays automatically the first time you log in. Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup page again, click Quick Setup on the main menu.) Logging Off To logoff the SLC web interface: Click the Logoff button.
Page 42: Logging In
5: Web and Command Line Interfaces The sysadmin user and users with who have full administrative rights have access to the complete command set, while all other users have access to a reduced command set based on their permissions. Logging In To log into the SLC command line interface: 1.
Page 43: Command Line Help
5: Web and Command Line Interfaces Table 5-1 Actions and Category Options Action Category auth | cifs | cli | command | consoleport | datetime | deviceport | history | hostlist | ipfilter | kerberos | ldap | localusers | log | menu | network | nfs | nis | ntp | password | radius | remoteusers | routing | script | services | slcnetwork | sshkey | tacacs+ | temperature | usb show auth | auditlog | cifs | cli | connections | consoleport | datetime | deviceport | emaillog | history...
Page 44: General Cli Commands
5: Web and Command Line Interfaces To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.  When the number of lines displayed by a command exceeds the size of the window (the default is 25), the command output is halted until the user is ready to continue.
Page 45 5: Web and Command Line Interfaces To view the last 100 commands entered in the session: show history To clear the command history: set history clear To view the rights of the currently logged-in user: show user Note: For information about user rights, see 12: User Authentication.
Page 46: 6: Basic Parameters
6: Basic Parameters This chapter describes how to set the following basic configuration settings for the SLC using the SLC web interface or CLI: Network parameters that determine how the SLC interacts with the attached network  Firewall and routing ...
Page 47: Ethernet Bonding
6: Basic Parameters Ethernet Bonding The SLC supports dual Ethernet interfaces. Typically both Ethernet interfaces are configured to work as independent network interfaces and given unique IP addresses and fixed MAC addresses. The Ethernet Bonding feature “bonds” the interfaces together to create a single virtual Network interface to SLC network applications.
Page 48: Figure 6-1 Network Web Page
6: Basic Parameters Figure 6-1 Network Web Page SecureLinx SLC User Guide...
Page 49 6: Basic Parameters 2. Enter the following fields. Ethernet Interfaces Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP) are not currently supported. Eth1/Eth2 Disabled: If selected, disables the network port. Defaults are Eth1 and Eth2 Settings enabled.
Page 50 6: Basic Parameters Ethernet Bonding Use the pull-down menu to select and configure one of the following:  Disabled Active Backup   802.3  Transmit Load Balancing Note: Bonding requires a static IP address. Gateway Default IP address of the router for this network. If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2 displays.
Page 51: Ethernet Counters
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for...
Page 52: Network Commands
6: Basic Parameters Network Commands The following CLI commands correspond to the Network Settings page. For more information, 15: Command Reference. set network (on page 231)  set network bonding (on page 231)  set network dns (on page 231) ...
Page 53: Configuring Ip Filters Rulesets
6: Basic Parameters Figure 6-3 IP Filter Page 1. Enter the following fields. Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox to disable all filters. Disabled by default. Packets Dropped Displays the number of data packets that the filter ignored (did not respond (view only) to).
Page 54: Figure 6-4 Adding Network Ip Filter Rulesets
6: Basic Parameters Figure 6-4 Adding Network IP Filter Rulesets 2. Enter the Ruleset Name. The Ruleset Name identifies a filter. The name can be letters, numbers, and hyphens only but cannot start with a hyphen. For example, FILTER-2. 3. Enter following fields. Rule Parameters IP Address Specify a single IP address to act as a filter.
Page 55 6: Basic Parameters Action Select whether to drop, reject, or allow communications for the specified IP address, subnet mask, protocol, and port range. Drop ignores the packet with no notification. Reject ignores the packet and sends back an error message. Allow permits the packet through the filter.
Page 56: Viewing Ip Filter Rulesets And Mapping
6: Basic Parameters Viewing IP Filter Rulesets and Mapping You can view a list of filter rulesets and a table showing how each filter is mapped to an interface. You can also view the status of the configured filter rulesets. The status page displays the number of incoming, outgoing, and forwarded packets.
Page 57: Ip Filter Commands
6: Basic Parameters Figure 6-6 IP Filter Status IP Filter Commands The following CLI commands correspond to the Network - IP Filter Status page. For more information, see 15: Command Reference. set ipfilter state (on page 224)  set ipfilter mapping (on page 223) ...
Page 58: Figure 6-7 Routing Page
6: Basic Parameters Figure 6-7 Routing Page 2. Enter the following fields. Enable RIP Select to enable Dynamic Routing Information Protocol (RIP) to assign routes automatically. Disabled by default. RIP Version Select the RIP version. The default is 2. Enable Static Select to assign the routes manually.
Page 59: Routing Commands
6: Basic Parameters Figure 6-8 Status/Reports Page 2. Click the IP Routes checkbox and Generate Report. You can also generate reports for port status and counters, connections, and system configurations in this page. Routing Commands The following CLI commands correspond to the Status/Reports page. For more information, see 15: Command Reference.
Page 60: 7: Services
7: Services This chapter describes how to use the Services web page to perform the following tasks: Configure the amount of data sent to the logs.  Enable or disable SSH and Telnet logins.  Enable a Simple Network Management Protocol (SNMP) agent. ...
Page 61: Figure 7-1 Ssh/Telnet/Logging Page
7: Services Figure 7-1 SSH/Telnet/Logging Page Enter the following fields. System Logging In System Logging, select one of the following alert levels from the drop-down list for each category: Off: Disables this type of logging.  Info: Saves informative message, in addition to warning and error messages. ...
Page 62 7: Services Authentication Specifies that messages concerning user authentication get logged. Device Ports Specifies that messages concerning device ports and connections get logged. Diagnostics Specifies that messages concerning system status and problems get logged. General Specifies that messages not in the categories above get logged. Remote Servers Specifies the IP address of remote server 1 and 2 for logged messages.
Page 63: Ssh, Telnet, And Logging Commands
7: Services Audit Log Enable Log Select to save a history of all configuration changes in a circular log. Disabled by default. The audit log is saved through SLC reboots. Size Set the maximum size of a log from 1 to 500 Kbytes. The default maximum size of a log is 50 Kbytes (approximately 500 entries).
Page 64: Snmp
7: Services SNMP Simple Network Management Protocol (SNMP) is a set of protocols for managing complex networks. 1. Click the Services tab and select the SNMP option. Figure 7-2 shows the page that displays. Figure 7-2 SNMP Page 2. Enter the following fields. Enable Agent Enables or disables SNMP agent, which allows read-only access to the system.
Page 65 7: Services Enable Traps Traps are notifications of certain critical events. Disabled by default. This feature is applicable when SNMP is enabled. Examples of traps that the SLC sends include:  Ethernet Port Link Up Ethernet Port Link Down  ...
Page 66: Snmp Commands
7: Services Auth with For Auth/No Encryp or Auth/Encrypt, the authentication method:  MD5: Message-Digest algorithm 5 (default) SHA: Secure Hash Algorithm  Encrypt with Encryption standard to use:  DES: Data Encryption Standard (default) AES: Advanced Encryption Standard  V3 Read-Only User User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB...
Page 67: Figure 7-3 Nfs And Smb/Cifs Page
7: Services Similarly use SMB/CIFS, Microsoft file-sharing protocol, to export a directory on the SLC as an SMB/CIFS share. The SLC exports a single read-write CIFS share called “public,” with two subdirectories: Logs directory, which contains the system logs and the device port local buffers (see System ...
Page 68: Nfs And Smb/Cifs Commands
7: Services Read-Write If enabled, indicates that the SLC can write files to the remote directory. If you plan to log port data or save configurations to this directory, you must enable this option. Mount Select the checkbox to enable the SLC to mount the file to the NFS server. Disabled by default.
Page 69: Figure 7-4 Securelinx Network Page With Local Subnet Addressing
7: Services Figure 7-4 SecureLinx Network Page with Local Subnet Addressing 2. Click a device IP Address in the column labeled IP Address/Web Interface. A separate browser opens at the device Home page after you have logged in. In the separate browser page, you can manage the device.
Page 70: Figure 7-5 Telnet Session
7: Services Figure 7-5 Telnet Session To configure how SecureLinx devices are searched for on the network: 1. Click the Search Options link on the top right of the SecureLinx Network page. Figure 7-6 shows the page that displays. Figure 7-6 SecureLinx Network - Search Options Page SecureLinx SLC User Guide...
Page 71: Securelinx Network Commands
7: Services 2. Enter the following fields. SecureLinx Select the type of search you want to conduct. Network Search Local Subnet: Performs a broadcast to detect SecureLinx devices on the local subnet. Manually Entered IP Address List: Provides a list of IP addresses that may not respond to a broadcast because of how the network is configured.
Page 72: Figure 7-7 Date & Time Page
7: Services Figure 7-7 Date & Time Page 1. Enter the following fields. Change Date/ Select the checkbox to manually enter the date and time at the SLC location. Time Date Select the current month, day, and year from the drop-down lists. Time Select the current hour and minute from the drop-down lists.
Page 73: Date And Time Commands
7: Services 2. Click the Apply button. Date and Time Commands The following CLI commands correspond to the Date & Time page. For more information, see Command Reference. set datetime (on page 213)  set ntp (on page 213)  show ntp (on page 213) ...
Page 74: Figure 7-9 Web Server - Web Sessions Page
7: Services Enable Click the check box to enable an SLC iGoogle gadget. The iGoogle gadget allows an iGoogle iGoogle user to view the port status of many SLCs on one web page. See Google Gadget Web Gadgets on page 76 for more information regarding the XML code.
Page 75: Figure 7-10 Web Server - Ssl Certificate Page
7: Services Figure 7-10 Web Server - SSL Certificate Page 2. Enter the following fields. Reset to To reset to the default certificate, select the checkbox to reset to the default certificate. Default Unselected by default. Certificate Import SSL To import your own SSL Certificate, select the checkbox. Unselected by default. Certificate Import via Select the SCP, SFTP, or HTTPS method from the drop-down list.
Page 76: Web Server Commands
1. Load the following XML code on a web server that is accessible over the Internet. This code describes how to retrieve information and how to format the data for display. <?xml version=”1.0” encoding=”UTF-8”?> <Module> <ModulePrefs title=”__UP_model__ Devport Status” title_url=”http:// www.lantronix.com” directory_title=”SLC/SLB Status” description=”Devport status and counters” scrolling=”true” width=”400” height=”360” /> <UserPref name=”model” display_name=”Model” datatype=”enum”...
Page 77: Figure 7-11 Igoogle Gadget Page
7: Services <EnumValue value=”1” display_value=”1 second” /> <EnumValue value=”5” display_value=”5 seconds” /> <EnumValue value=”10” display_value=”10 seconds” /> <EnumValue value=”30” display_value=”30 seconds” /> <EnumValue value=”60” display_value=”1 minute” /> <EnumValue value=”300” display_value=”5 minutes” /> <EnumValue value=”600” display_value=”10 minutes” /> </UserPref> <Content type=”url” href=”http://__UP_ip__/devstatus.htm” /> </Module>...
Page 78: 8: Devices
8: Devices This chapter describes how to view the device status, configure devices, and use an SLC device port connected to an external device, such as a server or a modem. 11: Connections describes how to use the Connections page to connect external devices and outbound network connections (such as Telnet or SSH) in various configurations.
Page 79: Permissions
8: Devices For #1 and #6, if logins are enabled, the user is authenticated first, and then logged into the command line interface. The user login determines permissions for accessing device ports. Permissions There are three types of permissions: Direct (or data) mode: The user can interact with and monitor the device port (connect ...
Page 80: Device Ports
8: Devices Device Ports On the Device Ports page, you can set up the numbering of Telnet, SSH, and TCP ports, view current port modes, and select individual ports to configure. 1. Click the Devices tab and select the Device Ports option. Figure 8-2 shows the page that displays.
Page 81 8: Devices Telnet in or SSH in is enabled for the device port. The device port is either waiting for a Telnet or SSH login or has received a Telnet or SSH login (a user has logged in). To set up Telnet, SSH, and TCP port numbers: Enter the following fields.
Page 82: Figure 8-3 Device Ports - Settings Page
8: Devices Figure 8-3 Device Ports - Settings Page Click the port number on the green bar at the top of each  page (shown here). The same page displays as in Figure 8-3. SecureLinx SLC User Guide...
Page 83 Connected to Select the type of device connected to the device port. The SLC supports the Lantronix SecureLinx Remote Power Manager (SLP8 and SLP16) and Sensorsoft devices. If the type of device is not listed, select undefined. If you select anything other than undefined, click Device Commands. The web page displays for the device you selected.
Page 84 8: Devices SSH In Enables access to this port through SSH. Disabled by default.  Port: Automatically assigned Telnet, SSH, and TCP port numbers. You can override the value. Timeout: To cause an idle Telnet, SSH or TCP connection to disconnect ...
Page 85 8: Devices Enable Logins Displays a login prompt and authenticates users for serial devices connected to the device port. Successfully authenticated users are logged into the command line interface. The default is disabled and is the correct setting if the device port is the endpoint for a connection.
Page 86 8: Devices Initialization Script Commands sent to configure the modem may have up to 100 characters. Consult your modem’s documentation for recommended initialization options. If you do not specify an initialization script, the SLC uses a default initialization string of AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0.
Page 87 8: Devices CHAP Handshake The host/username (for UNIX systems) or secret/user password (for Windows systems) used for CHAP authentication. May have up to 128 characters. Same Select this option to let incoming connections (dial-in) use the same authentication authentication for settings as outgoing connections (dial-on-demand).
Page 88: Port Status And Counters
8: Devices Figure 8-4 Modem Log Port Status and Counters Port Status and Counters list the status of signals and interfaces. SLC updates and increments the port counters as signals change and data flows in and out of the system. These counters help troubleshoot connections or diagnose problems because they give the user an overview of the state of various parameters.
Page 89: Device Port - Slp
8: Devices Figure 8-5 Port Status and Counters Section Device Port – SLP On the Device Ports – SLP page, configure commands to send to an SLP or SLP expansion chassis that expands the number of power ports. To open the Device Ports – SLP page: In the Connected to field above the IP Settings section of the Device Ports –...
Page 90: Device Port - Sensorsoft Device
8: Devices To configure SLP: Enter the following fields. Port Displays the port number. (view only) Name Displays the port name. (view only) Device Displays the device type. (view only) SLP Login User ID for logging into the SLP. SLP Password/ Password for logging into the SLP.
Page 91: Figure 8-7 Device Ports - Sensorsoft
8: Devices Figure 8-7 Device Ports - Sensorsoft To configure Sensorsoft settings: 1. Select a port and enter the following fields. Device Port Displays the port number. (view only) Device Port Name Displays the port name. (view only) Temp (°C) Displays the current temperature (Celsius).
Page 92: Device Port Commands
8: Devices Device Port Commands The following CLI commands correspond to the Device Ports page. For more information, see Command Reference. set deviceport port (on page 214)  set deviceport global (on page 217)  set command (on page 214) ...
Page 93: Pc Card Logging
8: Devices 02_Port-2_4.log 02_Port-2_5.log PC Card Logging Note: The PC Card logging feature is only supported on SLC -02 part numbers. Data can be logged to a PC Card Compact Flash that is loaded into one of the PC Card slots on the front of the SLC and properly mounted.
Page 94: Figure 8-8 Device Ports - Logging
8: Devices Figure 8-8 Device Ports - Logging Enter the following fields. Local Logging Local Logging Enable local logging and each device port stores 256 Kbytes (approximately 400 screens) of I/O data in a true FIFO buffer. Disabled by default. Clear Local Log Select the checkbox to clear the local log.
Page 95 8: Devices Trigger on Select the method of triggering a notification: Byte Count: A specific number of bytes of data. This is the default. Text String Recognition: A specific pattern of characters, which you can define by a regular expression. Note: Text string recognition may negatively impact SLC performance, particularly when regular expressions are used.
Page 96 8: Devices NFS File Logging NFS File Logging Select the checkbox to log all data sent to the device port to one or more files on an external NFS server. Disabled by default. NFS Log to View A list of available log files saved to the selected directory to view. Directory to Log to The path of the directory where the log files will be stored.
Page 97: Logging Commands
8: Devices Syslog Logging Syslog Logging Select to enable system logging. Note: The logging level for the device ports log must be set to Info to view Syslog entries for Device Port logging on the Services page. Note: To apply the settings to additional device ports, in the Apply settings to Device Ports field, enter the additional ports, (e.g., 1-3, 5, 6) 3.
Page 98: Console Port Commands
8: Devices Figure 8-9 Console Port Page 2. Enter the following fields. Status Displays the status of the console port. (view only) Baud Select the baud rate (speed) with which the device port exchanges data with the attached serial device. Most devices use 9600 for the administration port, so the console port defaults to this value.
Page 99: Host Lists
8: Devices set consoleport (on page 210)  show consoleport (on page 211)  Host Lists A host list is a prioritized list of SSH, Telnet, and TCP hosts available for establishing incoming modem connections or for the connect direct command on the CLI. The SLC cycles through the list until it successfully connects to one.
Page 100 8: Devices Host Parameters Host Input the name or IP address of the host. Protocol Select the protocol for connecting to the host (TCP, SSH, or Telnet). Port Enter the port on the host to connect to. Escape Sequence Enter the escape character or sequence of characters used to get the attention of the SSH or Telnet client.
Page 101: Host List Commands
8: Devices To view or update a host list: 1. In the Host Lists table, select the host list and click the View Host List button. Host List Commands The following CLI commands correspond to the Host Lists page. For more information, see Command Reference.
Page 102: Figure 8-11 Scripts Page
8: Devices Figure 8-11 Scripts Page 2. Click the Add button. Figure 8-11 shows the page that displays. SecureLinx SLC User Guide...
Page 103: Figure 8-12 Adding New Scripts Page
8: Devices Figure 8-12 Adding New Scripts Page 3. Enter the following fields. Script Name A unique identifier for the script. Type Select Interface for a script that utilizes Expect/Tcl to perform pattern detection and action generation on Device Port output. Select Batch for a script of CLI commands.
Page 104: Batch Script Syntax
8: Devices Group Select the group to which the script will belong:  Default Users—This group has only the most basic rights. You can specify additional rights for the individual user. Power Users—This group has the same rights as Default Users plus ...
Page 105: Interface Script Syntax
8: Devices Interface Script Syntax This section describes the abbreviated scripting syntax for Interface Scripts. This limited syntax was created to prevent the creation of scripts containing potentially harmful commands. Script commands are divided into three groups: Primary, Secondary and Control Flow. Primary commands provide the basic functionality of a script and are generally the first element on a line of a script, as in: send_user “Password:”...
Page 106: Primary Commands
8: Devices == equal to  != not equal to  Primary Commands These are stand-alone commands which provide the primary functionality in a script. These commands may rely on one or more of the Secondary Commands to provide values for some parameters.
Page 107: Secondary Commands
8: Devices exec The exec command executes a single CLI command. Currently only CLI 'show' commands may be executed via exec. Syntax: exec <CLI command> send, send_user The send command sends output to a sub-process, The send_user command sends output to the standard output.
Page 108 8: Devices Find and return the index of the last occurrence of 'str_needle' in 'str_haystack' string length <str> Return the length of 'str' string index <str> <int> Return the character located at position 'int' in 'str' string range <str> <int start> <int end> Return a string consisting of the characters in 'str' between 'int start' and 'int end' string tolower <str>...
Page 109: Control Flow Commands
8: Devices Control Flow Commands The control flow commands allow conditional execution of blocks of other commands. The preprocessor treats these as Primary commands, allowing them to appear anywhere in a script that a Primary command is appropriate. while The while command executes an associated block of commands as long as its Boolean expression evaluates to TRUE.
Page 110: Sample Scripts
8: Devices command n Sample Scripts Interface Script—Monitor Port The Monitor Port (Monport) script connects directly to a device port by logging into the SLC port, gets the device hostname, loops a couple of times to get port interface statistics, and logs out. The following is the script: set monPort 7 set monTime 5...
Page 111 8: Devices #Already Logged in got Command Prompt $prompt { send_user "Already Logged..\r\n" #Get hostname info send "show network port 1 host\r" expect { timeout { send_user "Time out Getting Hostname 1\r\n"; return } "Domain" { #Get Hostname from slc set hostname "[string range $expect_out(buffer) [string first Hostname: $expect_out(buffer)] [expr [string first Domain $expect_out(buffer)]-2]]"...
Page 112 Model Number: SLC48 For a list of commands, type 'help'. [slc251glenn]> show network port 1 host show network port 1 host ___Current Hostname Settings___________________________________________________ Hostname: slc251glenn Domain: support.int.lantronix.com [slc251glen Device HOSTNAME: SLC251GLENN __________________________________________________________________________ Monitored Port: Port 7 Monitor Interval Time: 5 Seconds...
Page 113 Hostname: slc251glenn Domain: support.int. Device HOSTNAME: SLC251GLENN __________________________________________________________________________ Monitored Port: Port 7 Monitor Interval Time: 5 Seconds [Current Time:21:25:04] show portcounter deviceport 7 lantronix.com [slc251glenn]> show portcounter deviceport 7 Device Port: Seconds since zeroed: 1454120 Bytes input: Bytes output: Framing errors:...
Page 114: 9: Pc Cards
Compact Flash is useful for saving and restoring configurations and for Device Port Logging (see Device Ports – Logging on page 92). The SLC supports a variety of Compact Flash-to-PC Card adapters, as well as modem and Basic Rate Interface (BRI) ISDN cards. See the Lantronix web site www.lantronix.com/products/pc- cards-slc.html for a complete list.
Page 115: Modem Settings
To enter modem settings for a PC card, perform the following steps. 1. Insert any of the supported modem or ISDN cards (see www.lantronix.com/slc) into one of the PC card bays on the front of the SLC. You can do this before or after powering up the SLC.
Page 116: Figure 9-3 Pc Card - Modem/Isdn Page
9: PC Cards 2. Click the Devices tab and select the PC Card option. 3. Click the radio button in the PC Card Slots table that shows a modem installed. 4. Click the Configure button. Figure 9-3 shows the page that displays. Figure 9-3 PC Card - Modem/ISDN Page SecureLinx SLC User Guide...
Page 117 9: PC Cards 5. Enter the following fields. Slot Displays the slot position. (view only) Device Displays the device type. (view only) Type Displays the card type. (view only) Firmware Version Displays the current firmware version. (view only) State Displays the state of the device. (view only) State Enables the modem to use dial-out, dial-in, dial-back, CBCP server, CBCP client,...
Page 118 9: PC Cards Data Settings Baud The speed with which the device port exchanges data with the attached serial device. From the drop-down list, select the baud rate. Most devices use 9600 for the administration port, so this is the default. Check the equipment settings and documentation for the proper baud rate.
Page 119 9: PC Cards GSM Bearer Svc. Command to select the bearer service, data rate, and connection element to use when data call originate. Auto-acquire DNS Select to enable the SLC to acquire up to three DNS servers by means of GPRS. Enabled by default.
Page 120 9: PC Cards Enable NAT Select to enable Network Address Translation (NAT) for dial-in and dial-out PPP connections on a per modem (Device Port or PC Card) basis. Users dialing into the SLC access the network connected to Eth1 and/or Eth2. Note: IP forwarding must be enabled on the Network - Settings page for NAT to work.
Page 121: Pc Card Commands
9: PC Cards TCP Port The TCP (raw) session port number to use if you selected TCP. Defaults:  Upper PC Card Slot: 4049 Lower PC Card Slot: 4050   Range: 1025-65535  Authenticate: Checkbox and if selected, the SLC requires user authentication before granting access to the port.
Page 122: 10: Usb Port
Device Ports – Logging on page 92). The SLC supports a variety of thumb drives and modems. See the Lantronix web site for a complete list. Note: This USB port chapter applies only to SLC models with part numbers -03.
Page 123: Figure 10-2 Usb - Storage Page
10: USB Port for Port U1. 5. Click Configure. Figure 10-2 shows the page that displays. Figure 10-2 USB - Storage Page 6. Enter the following fields. Port Slot on the SLC for the USB device. (view only) Device Type of device (modem or storage). (view only) Type Information read from USB device.
Page 124: Manage Firmware And Configuration Files
10: USB Port 7. Click Apply. Manage Firmware and Configuration Files To manage the firmware and configuration files, perform the following steps. 1. Click the Manage Files on the Thumb Drive link on the USB - Storage page. Figure 10-3 Firmware and Configurations - Manage Files (Top of Page) Note: At the bottom of the page, shown in...
Page 125: Usb Commands
10: USB Port Figure 10-4 Firmware and Configurations - Manage Files (Bottom of Page) 2. To delete a file, click the check box next to the filename and click Delete File. A confirmation message displays. 3. To download a file, click the Download button. Select the file from the list. 4.
Page 126 10: USB Port set usb storage format (on page 252)  show usb (on page 252)  show usb storage (on page 252)  show usb modem (on page 253)  SecureLinx SLC User Guide...
Page 127: 11: Connections
11: Connections This chapter describes how to use the Connections web page to connect external devices and outbound network connections, such as Telnet or SSH, in various configurations. For information about how to configure devices to interact with an SLC device port connected to an external device, see Devices.
Page 128: Remote Access Server
11: Connections Figure 11-1 Terminal Server VT100 Terminals Server SLC Console Manager Network Connections Serial Connections for Telnet Sessions Remote Access Server Figure 11-2 shows the SLC connected to one or more modems by its device ports. Configure the device ports on the Device Ports - Settings web page by selecting the Dial-in option in the Modem Settings section.
Page 129: Multiport Device Server
PC connected to the device ports on the SLC as virtual serial ports, enabling the ports to act as if they are local ports to the PC. Configure the SLC for this setup by using special software, for example, Com Port Redirector (available on www.lantronix.com) or similar software.
Page 130: Connection Configuration
11: Connections Figure 11-5 Console Server Web Server Switch SLC Console Manager Telnet/SSH Sessions Router Modem Connection Configuration To create a connection: 1. Click the Devices tab and Connections. Figure 11-6 shows the page that displays. SecureLinx SLC User Guide...
Page 131: Figure 11-6 Connections Page
11: Connections Figure 11-6 Connections Page 2. Enter the following fields. Outgoing Enable an outgoing timeout by clicking the Yes radio button and specifying the Connection seconds. The range is 1 to 9999 seconds. The default is 5 seconds. Timeout Connect: Input the port number that you are connecting.
Page 132: Figure 11-7 Current Connections Section Of The Connections Page
11: Connections Hostname Input the host name or IP Address of the destination. This entry is required if the to field is set to Telnet out, SSH out, TCP port, or UDP port. Port Enter the device port number, if the to field is set to Device Port or Modem on Device Port.
Page 133: Connection Commands
11: Connections To reestablish the connection: 1. Create the connection again in the top part of the page. To view information about Web connections: 1. Click the here link in the text above the table. The Firmware & Configurations - Web Sessions page displays.
Page 134: 12: User Authentication
12: User Authentication This chapter describes authentication methods for users who attempt to log into the SLC by Telnet, SSH, the console port, or one of the device ports. It includes descriptions of user rights, NIS, LDAP, RADIUS, Kerberos, and TACACS+ options. The chapter contains the following sections: Overview of Authentication ...
Page 135: User Rights
12: User Authentication User “joe” tries to login. Because there is an LDAP user named “joe,” the SLC tries to authenticate that user by using the LDAP password first. If that login fails, then the SLC may or may not try to authenticate the user by using the NIS password.
Page 136: Authentication Methods
12: User Authentication Local/Remote User Settings on page 139 for information about assigning rights to users. Authentication Methods To enable, disable, and set the precedence of authentication methods: 1. Click the User Authentication tab and the Authentication Methods option. Figure 12-1 shows the page that displays.
Page 137: Authentication Commands
12: User Authentication RADIUS (Remote An authentication and accounting system used by many Internet Service Authentication Dial-In Providers (ISPs). A client/server protocol, it enables remote access servers User Service) to authenticate dial-in users and authorize their access to the requested system or service.
Page 138: Local And Remote Users
12: User Authentication Local and Remote Users The system administrator can configure the SLC to use local/remote accounts to authenticate users. 1. Click the User Authentication tab and Local/Remote Users option. Figure 12-2 shows the page that displays. Figure 12-2 Local/Remote Users Page The top of the page has checkboxes for enabling local and remote users and for setting password requirements.
Page 139: Local/Remote User Settings
12: User Authentication Authenticate only Select the check box to authenticate users listed in the Remote Users list in users who are in the the lower part of the page. Disabled by default. remote users list Complex Passwords Select to enable the SLC to enforce rules concerning the password structure (e.g., alphanumeric requirements, number of characters, punctuation marks).
Page 140: Figure 12-3 Local/Remote User Settings Page
12: User Authentication Figure 12-3 Local/Remote User Settings Page 2. Enter the following fields. Login User ID of selected user. Authentication Select the type of authenticated user: Local: User listed in the SLC database. Remote: User not listed in the SLC database. A unique numeric identifier the system administrator assigns to each user.
Page 141 12: User Authentication Dial-back Number The phone number the modem dials back on depends on this setting for the device port. The user is either dialed back on a fixed number (specified on Device Ports on page 80), or on a number that is associated with the user’s login (specified here).
Page 142 12: User Authentication Full Administrative Right to perform any function on the SLC. Networking Right to enter network and routing settings. Services Right to enable and disable system and audit logging, SSH and Telnet logins, SNMP, and SMTP. Includes NFS and CIFS. SecureLinx Network Right to view and manage SecureLinx units (e.g., SLPs, Spiders, SLCs) on the local subnet.
Page 143: Local/Remote Users Commands
12: User Authentication 3. Click the Apply button. To delete a local user: 1. On the Local/Remote Users page, select the user and click the Add/Edit User button. The Local/Remote User Settings page displays. 2. Click the Delete User button. 3.
Page 144: Nis
12: User Authentication The system administrator can configure the SLC to use NIS to authenticate users attempting to log in to the SLC through the Web, SSH, Telnet, or the Console port. If NIS does not provide port permissions, you can use this page to grant device port access to users who are authenticated through NIS.
Page 145 12: User Authentication 2. Enter the following fields. Enable NIS Displays selected if you enabled this method on the Authentication Methods page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable NIS here or on the first User Authentication page.
Page 146 12: User Authentication 3. In the User Rights section, select the user group to which NIS users will belong. Group Select the group to which the NIS users will belong: Default Users: This group has only the most basic rights (described above). Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot &...
Page 147: Nis Commands
H: LDAP Schemas on page 276 for information about installing schema support in the Windows active directory and creating the Lantronix SLC schema attribute. Schema Permissions versus Default User Rights The User Rights shown on the SLC under the LDAP settings are the ones that would be applied to...
Page 148: Figure 12-5 Ldap Page
12: User Authentication Figure 12-5 LDAP Page 2. Enter the following fields. Enable LDAP Displays as checked if you enabled this method in the User Authentication Methods page. If you want to set up this authentication method but not enable it immediately, clear the checkbox.
Page 149 Bind Name contain the $login token, which will be replaced with the current login. For example, if the Bind Name is uid=$login,ou=People,dc=lantronix,dc=com, and user roberts logs into the SLC, LDAP will bind with uid=roberts,ou=People,dc=lantronix,dc=com and the password entered by roberts. Use LDAP Schema...
Page 150 12: User Authentication 3. In the User Rights section, select the user group to which LDAP users belong. Group Select the group to which the LDAP users will belong:  Default Users: This group has only the most basic rights (described above). Power Users: This group has the same rights as Default Users plus ...
Page 151: User Attributes And Permissions From Ldap Schema
12: User Authentication User Attributes and Permissions from LDAP Schema Remote user attributes (group/permissions and port access) can be obtained from an Active Directory server schema via the user attribute secureLinxSLCPerms. This attribute is a set of parameter-value pairs. Each parameter and value is separated by a space, and a space separates each parameter-value pair.
Page 152: Figure 12-6 Radius Page
12: User Authentication Figure 12-6 RADIUS Page 2. Enter the following fields. Enable RADIUS Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox.
Page 153 12: User Authentication RADIUS Server #2 IP address or host name of the secondary RADIUS server. This server can be used as a SecurID proxy. Server #2 Port Number of the TCP port on the RADIUS server used for the RADIUS service. If you do not specify an optional port, the SLC uses the default RADIUS port (1812).
Page 154: Radius Commands
12: User Authentication 4. Select or clear the checkboxes for the following rights. Full Right to add, update, and delete all editable fields. Administrative Networking Right to enter Network settings. Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and SMTP.
Page 155: Kerberos
12: User Authentication Kerberos Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. The system administrator can configure the SLC to use Kerberos to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port. Users who are authenticated through Kerberos are granted device port access through the port permissions on this page.
Page 156 12: User Authentication 2. Enter the following fields. Enable Kerberos Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable Kerberos here or on the first User Authentication page.
Page 157 12: User Authentication Clear Port Buffers The ports whose port buffer users may clear using the set log clear command. 3. In the User Rights section, select the user group to which Kerberos users will belong. Group Select the group to which the Kerberos users will belong: Default Users: This group has only the most basic rights (described above).
Page 158: Kerberos Commands
12: User Authentication Kerberos Commands The following CLI commands correspond to the Kerberos page. For more information, see Command Reference. set kerberos (on page 225)  show kerberos (on page 225)  TACACS+ Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access. The SLC supports the TACACS+ protocol (not the older TACACS or XTACACS protocols).
Page 159: Figure 12-8 Tacacs+ Page
12: User Authentication Figure 12-8 TACACS+ Page 2. Enter the following fields. Enable TACACS+ Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox.
Page 160 12: User Authentication Escape Sequence A single character or a two-character sequence that causes the SLC to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase “A” performed quickly but not simultaneously).
Page 161: Tacacs+ Commands
12: User Authentication SSH Keys Right to set SSH keys for authenticating users. User Menus Right to create a custom user menu for the CLI for TACACS+ users. Reboot & Right to use the CLI or shut down the SLC and then reboot it. Shutdown Firmware &...
Page 162: Exported Keys
12: User Authentication The public key file can be imported via SCP or FTP; once imported, you can view or delete the public key. Any SSH connection into the SLC from the designated host/user combination uses the SSH key for authentication. Exported Keys The SLC can generate SSH keys for SSH connections out of the SLC for any SLC user.
Page 163: Figure 12-9 Ssh Keys Page
12: User Authentication Figure 12-9 SSH Keys Page 2. Enter the following fields. SecureLinx SLC User Guide...
Page 164 12: User Authentication Imported Keys (SSH In) Host & User These entries are required in the following cases: Associated with  The imported key file does not contain the host that the user will be making an SSH connection from, or The SLC local user login for the connection is different from the user name the ...
Page 165 12: User Authentication Public Key Filename of the public host key. Filename Host and Login for Export Export via Select the method (SCP, FTP, or Cut and Paste) of exporting the key to the remote server. Cut and Paste, the default, requires no other parameters for export.
Page 166: Figure 12-10 Ssh Server/Host Keys Page
12: User Authentication Figure 12-10 SSH Server/Host Keys Page 2. Enter the following fields. Reset to Default Select the All Keys checkbox to reset all default key(s), or select one or more Host Key checkboxes to reset defaults for RSA1, RSA, or DSA keys. All checkboxes are unselected by default.
Page 167: Ssh Commands
12: User Authentication Public Key Filename Filename of the public host key. Private Key Filename of the private host key. Filename Host Host name or IP address of the host from which to import the key. Path Path of the directory where the host key will be stored. Login User ID to use to SCP or SFTP the file.
Page 168 12: User Authentication [slc]> set menu add menu1 Enter optional menu title (<return> for none): Menu1 Title Specify nickname for each command? [no] y Enter each command, up to 50 commands ('logout' is always the last command). Press <return> when the menu command set is complete. Command #1: connect direct deviceport 1 Nickname #1: connect Port-1...
Page 169: Custom User Menus Commands
12: User Authentication User “john” logs into the command line interface, initially sees menu1, executes the command to jump to nested menu menu2, and then returns to menu1: Welcome to the SecureLinx Console Manager Model Number: SLC32 For a list of commands, type 'help'. [Enter 1-4]>...
Page 170: 13: Maintenance
13: Maintenance This chapter describes the tasks that the system administrator performs by using the pages of the Maintenance tab and additional commands on the command line interface. It contains the following sections: Firmware and Configurations  System Logs  Audit Log ...
Page 171: Figure 13-1 Firmware & Configurations Page
13: Maintenance Figure 13-1 Firmware & Configurations Page 2. Enter the following fields. General Reboot Select this option to reboot the SLC immediately. The default is No. Note: The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence occurs. Shutdown Select this option to shut down the SLC.
Page 172 If you select USB, port U1 is automatically selected Firmware Filename The name of the firmware update file downloaded from the Lantronix web site. A 32-hex character key for validating the firmware file. The key is provided in the firmware Release Notes available with the SLC firmware at www.lantronix.com/support/downloads.
Page 173 13: Maintenance Password & Retype The FTP user password. Password Boot Banks Bank 1 Version of SLC firmware in bank 1. Note: The word “current” displays next to the bank the SLC booted from. Bank 2 Version of SLC firmware in bank 2. Next Boot Bank Current setting for bank to boot from at next reboot.
Page 174 13: Maintenance Location for Save, If you selected to save or restore a configuration, select one of the following Restore, or Manage options:  Local Disk – Saved Configurations: If restoring, select a saved configuration from the drop-down list. FTP Server : The FTP server specified in the FTP/SFTP/TFTP section. If ...
Page 175: Firmware And Configurations Commands
13: Maintenance Figure 13-2 Firmware & Configurations - Manage Configuration Files Page 2. To download files, click the Download File button. A File Download window opens to confirm the download. 3. To rename files, check the box of the file that you want to rename and enter the new name in the text box.
Page 176: System Logs
13: Maintenance admin config save (on page 199)  admin config show (on page 199)  System Logs The System Logs page allows you to view and clear system logs. See 7: Services for more information about system logs. To view system logs: 1.
Page 177: Figure 13-4 System Log Output Page
Select to and enter the person’s email address. c. Press the Email Output button. 5. To email the system log to Lantronix Technical Support: a. In the Comment field, enter a comment (if desired). b. Select to: Lantronix Tech Support.
Page 178: System Logs Commands
13: Maintenance System Logs Commands The following CLI commands correspond to the System Logs page. For more information, see 15: Command Reference. show syslog (on page 248)  show syslog clear (on page 248)  Audit Log The Audit Log web page displays a log of all actions that have changed the configuration of the SLC.
Page 179: Email Log
13: Maintenance Email Log The Email Log web page displays a log of all emails that have been sent by the SLC, a count of the number of emails sent, the number of bytes sent, and the number of email errors. Use the SSH/Telnet/Logging page to configure the email (SMTP) server and sender.
Page 180: Figure 13-7 Diagnostics Page
13: Maintenance Figure 13-7 Diagnostics Page 2. Enter the following fields. Select Diagnostics Select one or more diagnostic methods you want to run, or select All to run them all. ARP Table Address Resolution Protocol (ARP) table used to view the IP address-to- hardware address mapping.
Page 181: Figure 13-8 Diagnostics Report Page
13: Maintenance Send Packet This option sends an Ethernet packet out one of the Ethernet ports, mainly as a network connectivity test. Enter the following: Protocol: Select the type of packet to send. Hostname: Specify a host name or IP address of the host to send the packet to. Port: Specify a TCP or UDP port number of the host to send the packet to.
Page 182: Diagnostics Commands
In the Comment field, enter a comment (if desired). b. Select to: Lantronix Tech Support c. Call Lantronix Tech Support and obtain a case number. For contact information, click the Lantronix Tech Support link. d. Enter the number in Case Number.
Page 183: Figure 13-9 Status/Reports Page
13: Maintenance Figure 13-9 Status/Reports Page 2. Enter the following fields. View Report View Report Select as many of the reports as desired, or select All. Port Status: Displays the status of each device port: mode, user, any related connections, and serial port settings. Port Counters: Displays statistics related to the flow of data through each device port.
Page 184: Figure 13-10 Generated Reports Page
In the Comment field, enter a comment (if desired). b. Select to: Lantronix Tech Support c. Call Lantronix Tech Support and obtain a case number. For contact information, click the Lantronix Tech Support link. d. Enter the number in Case Number.
Page 185: Status/Reports Commands
13: Maintenance Status/Reports Commands The following CLI commands correspond to the Status/Reports page. For more information, see 15: Command Reference. show sysconfig (on page 248)  show sysstatus (on page 248)  show connections (on page 210)  show connections connid (on page 210) ...
Page 186: Events Commands
13: Maintenance 2. Enter the following fields. Event Trigger From the drop-down list, select the type of incident that triggers an event. Currently, the options are:  Receive Trap Temperature Over/Under Limit: For Sensorsoft devices.   Humidity Over/Under Limit: For Sensorsoft devices. Action From the drop-down list, select the action taken because of the trigger.
Page 187: Banners
13: Maintenance Banners The Banners page allows the system administrator to customize text messages that display to users. To configure banner settings: 1. Click Banners. Figure 13-12 shows the page that displays. Figure 13-12 Banners Page 1. Enter the following fields. Welcome Banner The text to display on the command line interface before the user logs in.
Page 188: Lcd And Keypad
13: Maintenance admin banner show (on page 197)  admin banner ssh (on page 197)  admin banner welcome (on page 198)  LCD and Keypad The LCD has a series of screens, consisting of 2 lines of 24 characters each. Specific screens and the display order can be configured.
Page 189: Lcd/Keypad Commands
13: Maintenance Restore Factory The 6 digit key sequence entered at the keypad to restore the SLC to factory Defaults Password defaults. The default is 999999. To configure the LCD: 1. Select a screen and click the up arrow or the down arrow to change the order of the screens. 2.
Page 190: 14: Application Examples
14: Application Examples Each SLC has multiple serial ports and two network ports as shown in Figure 14-1. Each serial port can be connected to the console port of a device. Using a network in-band port or an out-of- band modem for a dial-up connection, an administrator can remotely access any of the connected devices using Telnet or SSH.
Page 191 14: Application Examples In the example below, the system administrator performs the following steps: 1. Display the settings for device port 2 by using the show deviceport command. [slc]> show deviceport port 2 ___Current Device Port Settings________________________________________________ Number: 2 Name: Port-2 Modem Settings-------------------Data Settings----------IP Settings--------- Modem State: disabled Baud Rate: 9600...
Page 192: Dial-In (Text Mode) To A Remote Device
14: Application Examples Dial-in (Text Mode) to a Remote Device The example in Figure 14-3 shows a modem connected to the SLC device port 1, and a SUN server connected to the SLC device port 2. You can configure the modem for text mode dial-in, so a remote user can dial into the modem using a terminal emulation program and access the SUN server.
Page 193: Local Serial Connection To Network Device Via Telnet
14: Application Examples 4. Log into the SLC. CONNECT 57600 Welcome to the SLC login: sysadmin Password: Welcome to the SecureLinx Console Manager Model Number: SLC48 For a list of commands, type 'help'. [slc]> 5. Connect to the SUN UNIX server using the connect direct command. [slc]>...
Page 194 14: Application Examples The system administrator performs the following steps. 1. Display the settings for device port 2 by using the show deviceport command. [slc]> show deviceport port 2 ___Current Device Port Settings________________________________________________ Number: 2 Name: Port-2 Modem Settings-------------------Data Settings----------IP Settings--------- Modem State: disabled Baud Rate: 9600 Telnet: disabled...
Page 195: 15: Command Reference
15: Command Reference This chapter lists and describes all of the commands available on the SLC command line interface (CLI) accessed by using Telnet, SSH, or a serial connection. In addition to the commands, this chapter contains the following sections: Introduction to Commands ...
Page 196: Command Line Actions And Categories
15: Command Reference <value> User must specify an appropriate value, for example, an IP address. The  parameter values are in mixed case. Square brackets [ ] indicate optional parameters. Command Line Actions and Categories Table 15-1 lists the actions and categories for each action. Table 15-1 Actions and Category Options Action Category...
Page 197: Deprecated Commands
15: Command Reference To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.  When the number of lines displayed by a command exceeds the size of the window (the  default is 25), the command output is halted until youare ready to continue. To display the next line, press Enter, and to display the page, press the space bar.
Page 198 15: Command Reference admin banner welcome Syntax admin banner welcome <Banner Text> Description Configures the banner displayed before the user logs in. Note: To go to the next line, type \n and press Enter. admin clear Syntax admin clear tmpdir Description Resets system resources and clears the temporary directory.
Page 199 15: Command Reference Note: The Config Params to Preserve get contained as a comma-separated list of current configuration parameters that are kept after the config restore or factorydefaults. Description Restores the factory default settings. admin config restore Syntax admin config restore <Config Name> location <local | ftp | sftp | nfs | cifs | pccard | usb>...
Page 200 15: Command Reference admin firmware bootbank Syntax admin firmware bootbank <1|2> Description Sets the boot bank to be used at the next SLC reboot. Applies to dual-boot SLCs only. admin firmware copybank Syntax admin firmware copybank Description Copies the boot bank from the currently booted bank to the alternate bank (for dual-boot SLCs). admin firmware show Syntax admin firmware show [viewlog <enable|disable>]...
Page 201 15: Command Reference admin ftp show Syntax admin ftp show Description Displays FTP settings. admin keypad Syntax admin keypad <lock|unlock> Description Locks or unlocks the LCD keypad. If the keypad is locked, you can scroll through settings but not change them. admin keypad password Syntax admin keypad password (Must be 6 digits.)
Page 202 15: Command Reference admin lcd line1 Syntax admin lcd line1 <1-24 Chars> line2 <1-24 Chars> Description Sets the strings displayed on the LCD user string screen. admin lcd screens Syntax admin lcd screens <zero or more parameters> Parameters currtime <1-8> network <1-8>...
Page 203 15: Command Reference Description Runs the quick setup script. admin reboot Syntax admin reboot Description Terminates all connections and reboots the SLC. The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence occurs. admin site Syntax admin site row <Data Center Rack Row Number>...
Page 204 15: Command Reference admin web certificate Syntax admin web certificate import via <sftp|scp> certfile <Certificate File> privfile <Private Key File> host <IP Address or Name> login <User Login> [path <Path to Files>] Description Imports an SSL certificate. admin web certificate reset Syntax admin web certificate reset Description...
Page 205: Audit Log Commands
15: Command Reference admin web timeout Syntax admin web timeout <disable|5-120> Description Configures the timeout for web sessions. admin web terminate Syntax admin web terminate <Session ID> Description Terminates a web session. admin web show Syntax admin web show [viewslmsessions <enable|disable>] Description Displays the current sessions and their ID.
Page 206: Cli Commands
15: Command Reference tacacs+ <1-6> Description Sets ordering of authentication methods. Local Users authentication is always the first method used. Any methods omitted from the command are disabled. show auth Syntax show auth Description Displays authentication methods and their order of precedence. show user Syntax show user...
Page 207: Connection Commands
15: Command Reference Description Starts a menu if the menu associated with the user does not display. set cli terminallines Syntax set cli terminallines <disable|Number of lines> Description Sets the number of lines in the terminal emulation screen for paging through text one screen at a time, if the SLC cannot detect the size of the terminal automatically.
Page 208 15: Command Reference date <MMDDYYhhmm[ss]> charcount <# of Chars> charseq <Char Sequence> charxfer <toendpoint|fromendpoint> <SSH flags> is one or more of: user <Login Name> version <1|2> command <Command to Execute> Note: If the trigger is datetime (establish connection at a specified date/time), enter the date parameter.
Page 209 15: Command Reference connect global outgoingtimeout Syntax connect global outgoingtimeout <disable|1-9999 seconds> Description Sets the amount of time the SLC will wait for a response (sign of life) from an SSH/Telnet server that it is trying to connect to. connect global show Syntax connect global show Description...
Page 210: Console Port Commands
15: Command Reference Parameters exclusive <enable|disable> trigger <now|datetime|chars> date <MMDDYYhhmm[ss]> charcount <# of Chars> charseq <Char Sequence> Note: If the trigger is datetime (establish connection at a specified date/time), enter the date parameter. If the trigger is chars (establish connection on receipt of a specified number or characters or a character sequence), enter either the charcount or the charseq parameter.
Page 211: Custom User Menu Commands
15: Command Reference timeout <disable|1-30 minutes> Description Configures console port settings. show consoleport Syntax show consoleport Description Displays console port settings. Custom User Menu Commands Users can have custom user menus as their command line interface, rather than the standard CLI command set.
Page 212: Date And Time Commands
15: Command Reference Description Creates a new custom user menu or adds a command to an existing custom user menu. set menu copy Syntax set menu copy <Menu Name> newmenu <New Menu Name> Description Make a copy of an existing menu. set menu edit Syntax set menu edit <Menu Name>...
Page 213: Device Commands
15: Command Reference set datetime Syntax set datetime <one date/time parameter> Parameters date <MMDDYYhhmm[ss]> timezone <Time Zone> Note: If you do not have a valid <Time Zone>, enter “timezone <invalid time zone>” and the system guides you through the process of selecting a time zone. Description Sets the local date, time, and local time zone (one parameter at a time).
Page 214: Device Port Commands
15: Command Reference set command Syntax set command <Device Port # or Name or List> <one or more parameters> Parameters slp auth login <User Login> slp restart slp outletcontrol state <on|off|cyclepower> [outlet <Outlet #>][tower <A|B>] (Outlet # is 1-8 for SLP8 and 1-16 for SLP16. The outletcontrol parameters control individual outlets.) slp outletstate [outlet <Outlet #>] [tower <A | B>] slp envmon...
Page 215 15: Command Reference calleridcmd <Modem Command String> calleridlogging <enable|disable> cbcptype <admin|user> cbcpnocallback <enable|disable> chaphost <CHAP Host or User Name> chapsecret <CHAP Secret or User Password> checkdsr <enable|disable> closedsr <enable|disable> databits <7|8> device <none | slp8 | slp16 | slp8exp8 | slp8exp16 | slp16exp8 | slp16exp16 | sensorsoft>...
Page 216 15: Command Reference modemtimeout <disable|1-9999 seconds> name <Device Port Name> nat <enable|disable> nfsdir <Logging Directory> nfslogging <enable|disable> nfsmaxfiles <Max # of Files> nfsmaxsize <Size in Bytes> parity <none|odd|even> pccardlogging <enable|disable> pccardmaxfiles <Max # of Files> pccardmaxsize <Size in Bytes> pcccardslot <upper|lower> portlogseq <1-10 Chars>...
Page 217 15: Command Reference usbport <U1> viewportlog <enable|disable> webcolumns <Web SSH/Telnet Cols> webrows <Web SSH/Telnet Rows> Note: A group of device ports can be configured by specifying a comma-separated list of ports (i.e., '1-4,8,10-12') or 'ALL'. Remove breakseq for Device Ports connected to raw binary connections.
Page 218: Diagnostic Commands
15: Command Reference Description Displays the settings for one or more device ports. show portcounters Syntax show portcounters [deviceport <Device Port List or Name>] [email <Email Address>] Description Displays device port statistics and errors for one or more ports. You can optionally email the displayed information.
Page 219 15: Command Reference diag lookup Syntax diag lookup <Name> [email <Email Address>] Description Resolves a host name into an IP address. You can optionally email the displayed information. diag loopback Syntax diag loopback <Device Port Number or Name>[<parameters>] Parameters test <internal|external> xferdatasize <Size In Kbytes to Transfer>...
Page 220 15: Command Reference diag ping | ping6 Syntax diag ping | ping6 <IP Address or Name> [<parameters>] Parameters count <Number Of Times To Ping> packetsize <Size In Bytes> ethport <1|2> Defaults count:5 packetsize:64 Description Verifies if the SLC can reach a host over the network. diag perfstat Syntax diag perfstat [ethport <1|2>] [deviceport <Device Port # or Name>]...
Page 221: Email Log Commands
15: Command Reference Email Log Commands show emaillog Syntax show emaillog [email <Email Address>] Description Display the email log. show emaillog clear Syntax show emaillog clear Description Clear the email log. Events Commands admin events add Syntax admin events add <trigger> <response> <trigger>...
Page 222: Host List Commands
15: Command Reference admin events edit Syntax admin events edit <Event ID> <parameters> Parameters community <SNMP Community> deviceport <Device Port # or Name> ethport <1|2> nms <SNMP NMS> oid <SNMP Trap OID> pccardslot <upper|lower> emailaddress <destination email address> Description Edits event definitions. admin events show Syntax admin events show...
Page 223: Ip Filter Commands
15: Command Reference protocol <ssh|telnet|tcp> port <TCP Port> escapeseq <1-10 Chars> Description Adds a new host entry to a list or edit an existing entry. set hostlist delete Syntax set hostlist delete <Host List> [entry <Host Number>] Description Deletes a host list, or a single host entry from a host list. set hostlist edit Syntax set hostlist edit <Host List Name>...
Page 224 15: Command Reference Description Maps an IP filter to an interface. set ip filter rules Syntax set ipfilter rules <parameters> Parameters: add <Ruleset Name> delete <Ruleset Name> edit <Ruleset Name> <Edit Parameters> append insert <Rule Number> replace <Rule Number> delete <Rule Number> Description Sets IP filter rules.
Page 225: Kerberos Commands
15: Command Reference Description Displays the rulesets for the IP filters. show ipfilter status Syntax show ipfilter status <all|Ruleset Name> Description Displays the IP filter status. Kerberos Commands set kerberos Syntax set kerberos <one or more parameters> Parameters breakseq <1-10 Chars> clearports <Port List>...
Page 226: Ldap Commands
15: Command Reference Description Displays Kerberos settings. LDAP Commands set ldap Syntax set ldap <one or more parameters> Parameters adsupport <enable|disable> base <LDAP Base> bindname <Bind Name> bindpassword <Bind Password> bindwithlogin <enable|disable> useldapschema <enable|disable> breakseq <1-10 Chars> clearports <Port List> custommenu <Menu Name>...
Page 227: Local Users Commands
15: Command Reference Local Users Commands set localusers Syntax set localusers add|edit <User Login> <one or more parameters> Parameters uid <User Identifier> allowdialback <enable|disable> breakseq <1-10 Chars> changenextlogin <enable|disable> changepassword <enable|disable> clearports <Port List> custommenu <Menu Name> dataports <Port List> dialbacknumber <Phone Number>...
Page 228 15: Command Reference set localusers consoleonlyadmin Syntax set localusers consoleonlyadmin <enable|disable> Description Sets console-only admin usage. set localusers delete Syntax set localusers delete <User Login> Description Deletes a local user. set localusers lifetime Syntax set localusers lifetime <Number of Days> Description Sets the number of days the login password may be used.
Page 229 15: Command Reference set localusers password Syntax set localusers password <User Login> Description Sets a login password for the local user. set localusers periodlockout Syntax set localusers periodlockout <Number of Minutes> Description Sets the number of minutes after a lockout before the user can try to log in again. Disabled by default.
Page 230: Log Commands
15: Command Reference Log Commands set log clear Syntax set log clear <Device Port # or Name> Description Clears the Device Port local buffer. Local logging must be enabled for a Device Port in order to use this command. set log clear modem Syntax set log clear modem Description...
Page 231: Network Commands
15: Command Reference Defaults bytes:1000 startbyte:1 numlines:40 Description Views the log for local, NFS, or PC card logging. NFS and PC card use the current logging settings for the device port. The default is to show the tail of the log. show log modem Syntax show log modem [display <head|tail>] [numlines <Number of Lines>]...
Page 232 15: Command Reference set network gateway Syntax set network gateway <parameters> Parameters default <IP Address> precedence <dhcp|gprs|default> alternate <IP Address> pingip <IP Address> ethport <1 | 2> pingdelay <1-250 seconds> failedpings <1-250> Description Sets default and alternate gateways. The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings.
Page 233 15: Command Reference show network all Syntax show network all Description Displays all network settings. show network bonding Syntax show network bonding Description Displays network connections that are bonded. show network dns Syntax show network dns Description Displays DNS settings. show network gateway Syntax show network gateway...
Page 234: Nfs And Smb/Cifs Commands
15: Command Reference NFS and SMB/CIFS Commands set cifs Syntax set cifs <one or more parameters> Parameters eth1 <enable|disable> eth2 <enable|disable> state <enable|disable> workgroup <Windows workgroup> Description Configures the SMB/CIFS share, which contains the system and device port logs. Note: The admin config command saves SLC configurations on the SMB/CIFS share.
Page 235: Nis Commands
15: Command Reference Description Unmounts a remote NFS share. show cifs Syntax show cifs Description Displays SMB/CIFS settings. show nfs Syntax show nfs Description Displays NFS share settings. NIS Commands set nis Syntax set nis <one or more parameters> Parameters breakseq <1-10 Chars>...
Page 236: Pc Card Commands
15: Command Reference state <enable|disable> Description Configures the SLC to use NIS to authenticate users who log in via the Web, SSH, Telnet, or the console port. show nis Syntax show nis Description Displays NIS settings. PC Card Commands pccard modem Syntax pccard modem <upper|lower>...
Page 237 15: Command Reference gsmcontext <GPRS Context Id> gsmdialoutmode <gprs|gsm> gsmpin <GSM/GPRS PIN Number> initscript <Modem Initialization Script> isdnchannel <1|2> isdnnumber <Phone Number> localipaddr <negotiate|IP Address> modemmode <text|ppp> modemstate <disable | dialin | dialout | dialback | cbcpserver | cbcpclient | dialondemand | dialin+ondemand | dialinhostlist>...
Page 238 15: Command Reference pccard storage delete Syntax pccard storage delete <upper|lower> file <Current Filename> Description Removes a file on a Compact Flash card. pccard storage dir Syntax pccard storage dir <upper|lower> Description Views a directory listing of a Compact Flash card. pccard storage format Syntax pccard storage format <upper|lower>...
Page 239: Radius Commands
15: Command Reference show pccard Syntax show pccard Description Displays currently loaded PC cards with product information and settings. show pccard storage Syntax show pccard storage Description Displays product information and settings for any PC card compact flash. show pccard modem Syntax show pccard modem Description...
Page 240: Remote Users Commands
15: Command Reference Description Configures the SLC to use RADIUS to authenticate users who log in via the Web, SSH, Telnet, or the console port. set radius server Syntax set radius server <1|2> host <IP Address or Hostname> secret <Secret> [port <TCP Port>] Description Identifies the RADIUS server, the text secret, and the TCP port number.
Page 241: Routing Commands
15: Command Reference Description Sets attributes for users who log in by a remote authentication method. set remoteusers delete Syntax set remoteusers delete <User Login> Description Removes a remote user. set remoteusers listonlyauth Syntax set remoteusers listonlyauth <enable|disable> Description Sets whether remote users who are not part of the remote user list will be authenticated. show remoteusers Syntax show remoteusers...
Page 242: Script Commands
15: Command Reference show routing Syntax show routing [sort <destination|iface>] [display <IP Address>] [resolveip <enable|disable>] [email <Email Address>] Description Sets the routing table to display IP addresses (disable) or the corresponding host names (enable). You can email the displayed information. Script Commands set script delete Syntax...
Page 243: Services Commands
15: Command Reference set script update Syntax set script update <interface|batch> name <Script Name> [group <default|power|admin>] [permissions <Permission List>] Description Updates a script. show script Syntax show script [type <interface|batch> [name <Script Name>]] Description Display list of Device Port (interface) scripts or CLI (batch) scripts, or view the contents of a script. Services Commands set services Syntax...
Page 244 15: Command Reference rocommunity <Read-Only Community> rwcommunity <Read-Write Community> servlog <off|error|warning|info|debug> smtpsender <Email Address> smtpserver <IP Address or Name> snmp <enable|disable> ssh <enable|disable> syslogserver1 <IP Address or Name> syslogserver2 <IP Address or Name> telnet <enable|disable> timeoutssh <disable|1-30 minutes> timeouttelnet <disable|1-30 minutes> traps <enable|disable>...
Page 245: Slc Network Commands
15: Command Reference show services Syntax show services Description Displays current services. SLC Network Commands set slcnetwork Syntax set slcnetwork <parameters> Parameters add <IP Address> delete <IP Address> search <localsubnet|ipaddrlist|both> Description Detects and displays all SLC or user-defined IP addresses on the local network. show slcnetwork Syntax show slcnetwork[ipaddrlist <all|Address Mask>]...
Page 246 15: Command Reference Parameters keyhost <SSH Key Host> keyname <SSH Key Name> keyuser <SSH Key User> Description Deletes an ssh key. Specify the keyuser and keyhost to delete an imported key; specify the keyuser and keyname to delete exported key. set sshkey export Syntax set sshkey export <ftp|scp|copypaste>...
Page 247 15: Command Reference Description Imports an SLC host key. set sshkey server reset Syntax set sshkey server reset [type <all|rsa1|rsa|dsa>] Description Resets defaults for all or selected host keys. show sshkey export Syntax show sshkey export <one or more parameters> Parameters [keyhost <SSH Key IP Address or Name>] [keyuser <SSH Key User>]...
Page 248: Status Commands
15: Command Reference Status Commands show sysconfig Syntax show sysconfig [display <basic|auth|devices>] [email <Email Address] Description Displays a snapshot of all configurable parameters. Optionally emails the displayed information. show sysstatus Syntax show sysstatus [email <Email Address>] Description To display the overall status of all SLC devices. Optionally emails the displayed information. System Log Commands show syslog Syntax...
Page 249: Temperature Commands
15: Command Reference set tacacs+ Syntax set tacacs+ <one or more parameters> Parameters breakseq <1-10 Chars> clearports <Port List> custommenu <Menu Name> allowdialback <enable|disable> dialbacknumber <Phone Number> dataports <Port List> encrypt <enable|disable> escapeseq <1-10 Chars> group <default|power|admin> listenports <Port List> permissions <Permission List>...
Page 250: Usb Commands
15: Command Reference show temperature Syntax show temperature Description Displays the acceptable range and the current reading from the internal temperature sensor. USB Commands set usb access Syntax set usb access <enable | disable> Description Enables or disables access to USB devices. set usb modem Syntax set usb modem <U1>...
Page 251 15: Command Reference initscript <Modem Init Script> localipaddr <negotiate|IP Address> modemmode <text|ppp> modemstate <disable | dialin | dialout | dialback | cbcpserver | cbcpclient | dialondemand |dialin+ondemand | dialinhostlist> modemtimeout <disable|1-9999 sec> nat <enable|disable> parity <none|odd|even> remoteipaddr <negotiate|IP Address> service <none|telnet|ssh|tcp> sshauth <enable|disable>...
Page 252 15: Command Reference Description Copies a file on a thumb drive. set usb storage delete Syntax set usb storage delete <U1> file <Current Filename> Description Removes a file on a thumb drive. set usb storage format Syntax set usb storage format <U1> [filesystem <ext2|fat>] Description Formats a thumb drive.
Page 253: User Permissions Commands
15: Command Reference show usb modem Syntax show usb modem Description Display product information and settings for any USB modem. User Permissions Commands Each user is a member of a group (default users, power users, administrators) and has a set of user rights associated with the group.
Page 254: A: Bootloader
To access the bootloader CLI: 1. Power up the SLC. 2. Type x15 within 10 seconds of power up. The bootloader halts the boot procedure and displays a Lantronix command prompt. Bootloader Commands User Commands Lists and prints the command list and online help.
Page 255: Administrator Commands
A: Bootloader Administrator Commands In addition to the commands that the user can issue, the administrator can issue the following commands: Copies an image of the drive from the lower imagecopy PCMCIA device to the internal CF card. Provides a new password for user admin. The passwd default password for user admin is admin.
Page 256: B: Security Considerations
B: Security Considerations The SLC provides data path security by means of SSH or Web/SSL. Do not assume that you have complete security, however. Securing the data path is only one way to ensure security. This appendix briefly discusses some important security considerations. Security Practice Develop and document a Security Practice.
Page 257: C: Safety Information
Do not remove the cover of the chassis. There are no user-serviceable parts inside. Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock. Note: Refer all servicing to Lantronix. Power Plug ...
Page 258: Grounding
C: Safety Information Grounding  Maintain reliable grounding of this product.  Pay particular attention to supply connections when connecting to power strips, rather than directly to the branch circuit.  Install DC-rated equipment only under the following conditions: Connect the equipment to a DC supply source that is electrically isolated from the AC source and reliably connected to ground, or connect it to a DC (SELV) source.
Page 259: Port Connections
C: Safety Information Port Connections  Only connect the network port to an Ethernet network that supports 10Base-T/100Base-T.  Only connect device ports to equipment with serial ports that support EIA-232 (formerly RS- 232C).  Only connect the console port to equipment with serial ports that support EIA-232 (formerly RS-232C).
Page 260: D: Adapters And Pinouts
Category 5 fully pinned network cables for all connections when used with Lantronix adapters. The cables are available in various lengths. In most cases, you will need an adapter for your serial devices. Lantronix offers a variety of RJ45- to-serial connector adapters for many devices. These adapters convert the RJ45 connection on the SLC to a 9-pin or 25-pin serial connector found on other manufacturers' serial devices or re- route the serial signals for connections to other devices that use RJ45 serial connectors.
Page 261: Figure D-2 Rj45 Receptacle To Db25F Dce Adapter For The Slc (Pn 200.2067A)
D: Adapters and Pinouts Figure D-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC (PN 200.2067A) SecureLinx SLC User Guide...
Page 262: Figure D-3 Rj45 Receptacle To Db9M Dce Adapter For The Slc (Pn 200.2069A)
D: Adapters and Pinouts Figure D-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC (PN 200.2069A) SecureLinx SLC User Guide...
Page 263: Figure D-4 Rj45 Receptacle To Db9F Dce Adapter For The Slc (Pn 200.2070A)
D: Adapters and Pinouts Figure D-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC (PN 200.2070A) Use PN 200.2070A adapter with a PC serial port. SecureLinx SLC User Guide...
Page 264: Figure D-5 Rj45 To Rj45 Adapter For Netra/Sun/Cisco And Slp (Pns 200.2225 And Adp010104-01)
D: Adapters and Pinouts Figure D-5 RJ45 to RJ45 Adapter for Netra/Sun/Cisco and SLP (PNs 200.2225 and ADP010104-01) Note: The cable ends of the ADP010104-01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends. Use this adapter for SLP Remote Power Manager, Netra/SUN/Cisco, and others.
Page 265: E: Protocol Glossary
E: Protocol Glossary BOOTP (Bootstrap Protocol) Similar to DHCP, but for smaller networks. Automatically assigns the IP address for a specific duration of time. CHAP (Challenge Handshake Authentication Protocol) A secure protocol for connecting to a system; it is more secure than the PAP. DHCP (Dynamic Host Configuration Protocol) Internet protocol for automating the configuration of computers that use TCP/IP.
Page 266 E: Protocol Glossary  For text connections, the user will be prompted for a login and password, and will be authenticated via the currently the currently enabled authentication methods (Local Users, NIS, LDAP, etc). Once authenticated, the SLC will use the Dial-back Number configured for the modem –...
Page 267 E: Protocol Glossary using the Local IP and the Remote IP. The PPP connection will stay active until no IP traffic for the Remote IP is sent for Modem Timeout seconds. Once the timeout has expired, the PPP connection will be terminated and will not be reestablished for at least Restart Delay seconds.
Page 268 E: Protocol Glossary The SLC will request the type of number defined by CBCP Client Type - either an Admin- defined Number (the CBCP server determines the number to call) or a User-defined Number (the SLC will provide the Fixed Dial-back Number as the number to call). If the CBCP handshake is successful, the SLC will terminate the PPP connection, hang up, and wait for the server to dial back.
Page 269 E: Protocol Glossary RADIUS (Remote Authentication Dial-In User Service) An authentication and accounting protocol. Enables remote access servers to communicate with a central server to authenticate dial-in users and their access permissions. A company stores user profiles in a central database that all remote servers can share. SMB/CIFS (Server Message Block/Common Internet File System): Microsoft’s protocol for allowing all applications as well as Web browsers to share files across the Internet.
Page 270: F: Compliance Information
The following information specifies compliance information in accordance with ISO/IEC Guide 22 and EN 45014). Manufacturer Name and Address Lantronix Inc., 167 Technology, Irvine, CA 92618 USA Declares that the following product: Product Names: Models SLC8, SLC16, SLC32, and SLC48 SecureLinx Console Managers...
Page 271 This product carries the CE mark since it has been tested and found compliant with the following standards: Safety: EN 60950 Emissions: EN 55022 Class A Immunity: EN 55024 RoHS Notice All Lantronix products in Table F-1 are China RoHS-compliant and free of the following hazardous substances and elements:  Lead (Pb)  Mercury (Hg) ...
Page 272: Table F-1 Lantronix Product Family Names And Toxic/Hazardous Substances And Elements
F: Compliance Information Table F-1 Lantronix Product Family Names and Toxic/Hazardous Substances and Elements Product Family Name Toxic or hazardous Substances and Elements Lead Mercury Cadmium Hexavalent Polybrominated Polybrominated (Pb) (Hg) (Cd) Chromium (Cr (VI)) biphenyls (PBB) diphenyl ethers (PBDE)
Page 273: G: Dc Connector Instructions
G: DC Connector Instructions The -48VDC plug connector is provided to make the input power connectors for your console server. The -48VDC input source should be circuit breaker or fuse protected at 5 amps. Input Voltage: -48VDC (acceptable range of -40 to -60 VDC) ...
Page 274: Figure G-3 Plug Parts To Assemble
G: DC Connector Instructions 3. Using a small screwdriver, press the slot to release the spring pressure for each conductor (as shown in Figure G-2) and insert the wire. When the wire is in position, release the pressure on the screwdriver to securely capture the wire. 4.
Page 275: Figure G-5 Dc Power Cord Into The Slc
G: DC Connector Instructions Figure G-5 DC Power Cord into the SLC b. Turn on your -48VDC power source. c. Turn on the power switch of the SLC console server. 7. Follow the setup instructions in your SLC manual to use your product. SecureLinx SLC User Guide...
Page 276: H: Ldap Schemas
H: LDAP Schemas This appendix describes the procedure for defining individual user permissions from a Windows Active Directory (AD) server to use with the Lantronix SecureLinx Console Manager (SLC) firmware version 5.4 or greater. The procedure outlined in this appendix is based on Windows Server 2003 and 2008 and can vary with other Windows versions.
Page 277: Figure H-1 Programs Window
H: LDAP Schemas Figure H-1 Programs Window 3. Click Start > Run > mmc. 4. Click OK. Figure H-2 shows the window that displays. Figure H-2 MMC Window 5. On the File menu, click Add/Remove Snap-in. Figure H-3 shows the window that displays. SecureLinx SLC User Guide...
Page 278: Figure H-3 Snap-In Window
H: LDAP Schemas Figure H-3 Snap-In Window 6. Under Available snap-ins, click Active Directory Schema > Add > OK. Figure H-4 shows the directory that displays. Figure H-4 Active Directory Schema 7. To save this console, click Save on the File menu. Figure H-5 shows the window that displays.
Page 279: Creating The Lantronix Securelinx Slc Schema Attribute
Figure H-7 Save As Window Creating the Lantronix SecureLinx SLC Schema Attribute 1. Once you have a saved Schema console, open it and right click on Attributes. 2. Mouse over New,and left click on Attribute.
Page 280: Figure H-8 New Attribute Window
H: LDAP Schemas Figure H-8 New Attribute Window 3. Click Continue on the Warning screen. 4. For both the Common Name and LDAP Display Name, use secureLinxSLCPerms in exactly that form (case included). Figure H-9 shows the window that displays. Figure H-9 Create New Attribute Object Window 5.
Page 281: Adding The Attribute To The Users Group In Windows
H: LDAP Schemas Adding the Attribute to the Users Group in Windows 1. Highlight the Classes folder in the console tree on the left. Figure H-10 shows the files that display. Figure H-10 Classes Folder 2. In the right pane, scroll down to user. Figure H-11 shows the window that displayhs.
Page 282: Figure H-12 Class User Properties Window
H: LDAP Schemas Figure H-12 Class User Properties Window 4. Under the Attributes tab, click on Add. Figure H-13 shows the window that displays. Figure H-13 User Properties Window 5. Find the secureLinxSLCPerms attribute, highlight it, and click on OK. SecureLinx SLC User Guide...
Page 283: Adding The Permissions To The Individual User
H: LDAP Schemas Figure H-14 Select Schema Object Window 6. Click on OK on the window underneath. 7. Click on File and click on Save. 8. Exit out of MMC. Adding the Permissions to the Individual User 1. Open ADSI Edit (if you start typing adsi in the search line in Windows, it should find it). Figure H-15 shows the window that displays.
Page 284: Figure H-15 Adsi Edit Window
H: LDAP Schemas Figure H-15 ADSI Edit Window 2. Expand the console tree until you get to the listing of users. Figure H-16 shows the folder that displays. Figure H-16 ADSI Edit Window, CN=Users Folder 3. Right click on the user for whom you wish to configure permissions and left click on Properties. SecureLinx SLC User Guide...
Page 285: Values To Use
H: LDAP Schemas Figure H-17 shows the Properties Window. Figure H-17 Properties Window 4. Under the Attribute Editor tab, scroll down to secureLinxSLCPerms. 5. Highlight it and click on the Edit button. Figure H-18 shows the window that displays. Figure H-18 Atribute Editor Window Values to Use The values that you can use in the Value: field that specify the user permissions are as follows:...
Page 286: String Format
H: LDAP Schemas group  escseq  brkseq  menu  For rights, you can enable the following: fa: Full Administrative  nt: Networking  sv: Services  lu: Local Users  ra: Remote Authentication  dt: Date/Time  sk: SSH Keys ...
Page 287: Figure H-19 String Attribute Editor Window
H: LDAP Schemas Figure H-19 String Attribute Editor Window SecureLinx SLC User Guide...

This manual is also suitable for:

Securelinx slc48 Securelinx slc16 Securelinx slc32

Lantronix SecureLinx SLC8 User Manual

1 : about this Guide

2 : Overview

3 : Installation

4 : Quick Setup

5 : Web and Command Line Interfaces

6 : Basic Parameters

7 : Services

8 : Devices

9 : PC Cards

10 : USB Port

11 : Connections

12 : User Authentication

13 : Maintenance

14 : Application Examples

15 : Command Reference

Quick Links

User Guide

Need help?

Questions and answers

Related Manuals for Lantronix SecureLinx SLC8

Summary of Contents for Lantronix SecureLinx SLC8